Personal blog - IT tutorials and occasional political rants.

Windows Server How To: Force Redirect all sites on a server to HTTPS in IIS

In this guide, I’ll walk you through the process of redirecting every site hosted on your server to HTTPS. Please note each site will need to have the HTTPS bindings properly configured else the sites won’t load at all.

Please note that URL Rewrite needs to be installed on the server, you can download and install it via the Web Platform Installer on iis.net.

Make sure you don’t have ‘Require SSL’ ticked in the SSL Settings panel. This will completely block all unencrypted requests to the site in question, we want to allow HTTP but redirect them to HTTPS automatically. Having ‘Require SSL’ won’t allow us to do this.

Note: If you wish to redirect individual sites on a site-by-site basis, please follow this guide:

Redirect all sites to HTTPS:

Open up the Internet Information Services (IIS) Manager and double click on your server.

Then double click on URL Rewrite.

Next up, click on Add Rule(s)… and then double click on Blank Rule under the Inbound Rules section.

Set the name of the rule (I’ve usedForce HTTPS), put (.*) into the text-box labelled Pattern:, and untick Ignore case. Then, expand Conditions by clicking the arrow on the right of the Conditions segment and click Add….

Then, scroll down to the Action section at the bottom and set the Action type: to Redirect and type the following string into the text-box labelled Redirect URL:.

https://{HTTP_HOST}/{R:1}

Ensure the Redirect type: is set to Permanent (301) and then click Apply in the top right of the IIS Manager window.

Now test loading some of the websites you host on your server in a web browser by browsing to it with http://at the beginning of the URL, and IIS will automatically redirect the site to the HTTPS version.